From d837dd3e2a97d6562f4b06b2f6644a38092f5ca7 Mon Sep 17 00:00:00 2001
From: Chris Evich
Date: Thu, 29 Nov 2018 14:29:21 -0500
Subject: Update ubuntu VM image w/ newer runc
Signed-off-by: Chris Evich
---
.cirrus.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.cirrus.yml b/.cirrus.yml
index 983ee1237..d4d978a81 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -42,7 +42,7 @@ full_vm_testing_task:
 # 'matrix' combinations. All run in parallel.
 matrix:
 # Images are generated separetly, from build_images_task (below)
- image_name: "ubuntu-1804-bionic-v20180911-libpod-63a86a18"
+ image_name: "ubuntu-18-libpod-0c954a67"
 # TODO: Make these work (also build_images_task below)
 #image_name: "rhel-server-ec2-7-5-165-1-libpod-fce09afe"
 #image_name: "centos-7-v20180911-libpod-fce09afe"
@@ -80,7 +80,7 @@ optional_system_testing_task:
 gce_instance:
 matrix:
- image_name: "ubuntu-1804-bionic-v20180911-libpod-63a86a18"
+ image_name: "ubuntu-18-libpod-0c954a67"
 # TODO: Make these work (also build_images_task below)
 #image_name: "rhel-server-ec2-7-5-165-1-libpod-fce09afe"
 #image_name: "centos-7-v20180911-libpod-fce09afe"
-- cgit v1.2.3-54-g00ecf
From 1d2e1eece5ccb62c731e4d84d451a6b544c3389a Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Tue, 27 Nov 2018 21:18:44 +0100
Subject: rootless: propagate XDG_RUNTIME_DIR to the OCI runtime
Signed-off-by: Giuseppe Scrivano
---
libpod/oci.go | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libpod/oci.go b/libpod/oci.go
index 6ca3ef2e6..3222f9403 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -696,8 +696,12 @@ func (r *OCIRuntime) stopContainer(ctr *Container, timeout uint) error {
 // deleteContainer deletes a container from the OCI runtime
 func (r *OCIRuntime) deleteContainer(ctr *Container) error {
- _, err := utils.ExecCmd(r.path, "delete", "--force", ctr.ID())
- return err
+ runtimeDir, err := util.GetRootlessRuntimeDir()
+ if err != nil {
+ return err
+ }
+ env := []string{fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)}
+ return utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, env, r.path, "delete", "--force", ctr.ID())
 }
 // pauseContainer pauses the given container
-- cgit v1.2.3-54-g00ecf
From 2dfb7c02b16471c23ef8d0c8b0ede686560e4d2c Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Fri, 30 Nov 2018 11:31:56 +0100
Subject: Dockerfile, .cirrus.yml: update runc commit
we need to inherit this change from runc. commit 869add33186caff4a22e3e11a7472a2d48d77889: rootless: fix running with /proc/self/setgroups set to deny This is a regression from 06f789cf26774dd64cb2a9cc0b3c6a6ff832733b when the user namespace was configured without a privileged helper. To allow a single mapping in an user namespace, it is necessary to set /proc/self/setgroups to "deny". For a simple reproducer, the user namespace can be created with "unshare -r".
Signed-off-by: Giuseppe Scrivano
---
.cirrus.yml | 2 +-
Dockerfile | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.cirrus.yml b/.cirrus.yml
index d4d978a81..0bdcb8db1 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -20,7 +20,7 @@ env:
 CNI_COMMIT: "7480240de9749f9a0a5c8614b17f1f03e0c06ab9"
 CRIO_COMMIT: "7a283c391abb7bd25086a8ff91dbb36ebdd24466"
 CRIU_COMMIT: "c74b83cd49c00589c0c0468ba5fe685b67fdbd0a"
- RUNC_COMMIT: "78ef28e63bec2ee4c139b5e3e0d691eb9bdc748d"
+ RUNC_COMMIT: "869add33186caff4a22e3e11a7472a2d48d77889"
 # File to update in home-dir with task-specific env. var values
 ENVLIB: ".bash_profile"
 # Overrides default location (/tmp/cirrus) for repo clone
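Review bot: In `deleteContainer` (libpod/oci.go) a failure of `util.GetRootlessRuntimeDir()` now aborts the delete before the runtime is invoked, and the bare `return err` does not tell the caller that the container was left in place; wrap it, e.g. `return fmt.Errorf("getting runtime dir to delete container %s: %v", ctr.ID(), err)`. The lookup runs on every delete with no rootless check visible in the hunk, so confirm the helper also succeeds when running as root. The call also hands the caller's `os.Stdin` to a non-interactive `delete --force`; unless the runtime needs it, that argument can probably be `nil`. A short comment stating whether `env` replaces or extends the child's environment would help, since the slice holds only `XDG_RUNTIME_DIR`.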
diff --git a/Dockerfile b/Dockerfile
index 3eb7b0a07..e1d7b4649 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -52,7 +52,7 @@ ADD . /go/src/github.com/containers/libpod
 RUN set -x && cd /go/src/github.com/containers/libpod && make install.libseccomp.sudo
 # Install runc
-ENV RUNC_COMMIT 78ef28e63bec2ee4c139b5e3e0d691eb9bdc748d
+ENV RUNC_COMMIT 869add33186caff4a22e3e11a7472a2d48d77889
 RUN set -x \
 && export GOPATH="$(mktemp -d)" \
 && git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
-- cgit v1.2.3-54-g00ecf
From 2842b8ad403e99268f40ad29e453d43bbc3e3a4f Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Fri, 30 Nov 2018 19:26:28 +0100
Subject: cirrus: make apt noninteractive
Signed-off-by: Giuseppe Scrivano
---
contrib/cirrus/packer/ubuntu_setup.sh | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/contrib/cirrus/packer/ubuntu_setup.sh b/contrib/cirrus/packer/ubuntu_setup.sh
index 4cf1f335b..ef209a4a4 100644
--- a/contrib/cirrus/packer/ubuntu_setup.sh
+++ b/contrib/cirrus/packer/ubuntu_setup.sh
@@ -21,11 +21,13 @@ install_ooe
 export GOPATH="$(mktemp -d)"
 trap "sudo rm -rf $GOPATH" EXIT
+export DEBIAN_FRONTEND=noninteractive
+
 # Try twice as workaround for minor networking problems
 echo "Updating system and installing package dependencies"
-ooe.sh sudo apt-get -qq update || sudo apt-get -qq update
-ooe.sh sudo apt-get -qq upgrade || sudo apt-get -qq upgrade
-ooe.sh sudo apt-get -qq install --no-install-recommends \
+ooe.sh sudo -E apt-get -qq update || sudo -E apt-get -qq update
+ooe.sh sudo -E apt-get -qq upgrade || sudo -E apt-get -qq upgrade
+ooe.sh sudo -E apt-get -qq install --no-install-recommends \
 apparmor \
 autoconf \
 automake \
-- cgit v1.2.3-54-g00ecf
From babb7c248b1685bc67703e96755080eff3792795 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Fri, 30 Nov 2018 19:45:31 +0100
Subject: cirrus: update ubuntu image
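Review bot: In contrib/cirrus/packer/ubuntu_setup.sh, `sudo -E` on the three apt-get lines carries the caller's whole environment into root's package operations when only one variable is needed. `ooe.sh sudo env DEBIAN_FRONTEND=noninteractive apt-get -qq update` passes just that variable and does not depend on the sudoers policy allowing `-E`. The retry half after each `||` still runs without `ooe.sh`, so a second attempt is handled differently from the first; that predates this change but is copied into the new lines. The `install` command continues past the end of the hunk.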
Signed-off-by: Giuseppe Scrivano
---
.cirrus.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.cirrus.yml b/.cirrus.yml
index 0bdcb8db1..304efb2f4 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -80,7 +80,7 @@ optional_system_testing_task:
 gce_instance:
 matrix:
- image_name: "ubuntu-18-libpod-0c954a67"
+ image_name: "ubuntu-1804-bionic-v20180911-libpod-e8d18305"
 # TODO: Make these work (also build_images_task below)
 #image_name: "rhel-server-ec2-7-5-165-1-libpod-fce09afe"
 #image_name: "centos-7-v20180911-libpod-fce09afe"
-- cgit v1.2.3-54-g00ecf
From deeb3eaf7dde436fd23f8bcb03d30021e2b27c0b Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Fri, 30 Nov 2018 21:27:21 +0100
Subject: tests: always install runc on Ubuntu
Signed-off-by: Giuseppe Scrivano
---
contrib/cirrus/lib.sh | 22 ++++++++++++++--------
contrib/cirrus/setup_environment.sh | 2 ++
2 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 6d43c6ea5..04314e5fe 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -157,6 +157,19 @@ install_cni_plugins() {
 sudo cp bin/* /usr/libexec/cni
 }
+install_runc_from_git(){
+ wd=$(pwd)
+ DEST="$GOPATH/src/github.com/opencontainers/runc"
+ rm -rf "$DEST"
+ ooe.sh git clone https://github.com/opencontainers/runc.git "$DEST"
+ cd "$DEST"
+ ooe.sh git fetch origin --tags
+ ooe.sh git checkout -q "$RUNC_COMMIT"
+ ooe.sh make static BUILDTAGS="seccomp selinux"
+ sudo install -m 755 runc /usr/bin/runc
+ cd $wd
+}
+
 install_runc(){
 OS_RELEASE_ID=$(os_release_id)
 echo "Installing RunC from commit $RUNC_COMMIT"
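Review bot: `install_runc_from_git` in contrib/cirrus/lib.sh runs `rm -rf "$DEST"` and `git checkout -q "$RUNC_COMMIT"` without checking that `GOPATH` and `RUNC_COMMIT` are set, and this commit adds a second call site in contrib/cirrus/setup_environment.sh where neither is visibly guaranteed. With `GOPATH` empty the path collapses to `/src/github.com/opencontainers/runc`, and whatever gets built is then installed by root as `/usr/bin/runc`; `DEST="${GOPATH:?}/src/github.com/opencontainers/runc"` and `git checkout -q "${RUNC_COMMIT:?}"` fail fast instead. `wd` and `DEST` should be declared `local`, and `cd $wd` needs quoting (`cd "$wd"`). If a step fails without aborting the script, the caller is left inside the runc checkout, which running the body in a subshell would avoid.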
@@ -179,14 +192,7 @@ install_runc(){
 cd "$GOPATH/src/github.com/containers/libpod"
 ooe.sh sudo make install.libseccomp.sudo
 fi
- DEST="$GOPATH/src/github.com/opencontainers/runc"
- rm -rf "$DEST"
- ooe.sh git clone https://github.com/opencontainers/runc.git "$DEST"
- cd "$DEST"
- ooe.sh git fetch origin --tags
- ooe.sh git checkout -q "$RUNC_COMMIT"
- ooe.sh make static BUILDTAGS="seccomp selinux"
- sudo install -m 755 runc /usr/bin/runc
+ install_runc_from_git
 }
 install_buildah() {
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index 167db127f..2563b5f43 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -53,6 +53,8 @@ then
 # Some setup needs to vary between distros
 case "${OS_RELEASE_ID}-${OS_RELEASE_VER}" in
 ubuntu-18)
+ # Always install runc on Ubuntu
+ install_runc_from_git
 envstr='export BUILDTAGS="seccomp $($GOSRC/hack/btrfs_tag.sh) $($GOSRC/hack/btrfs_installed_tag.sh) $($GOSRC/hack/ostree_tag.sh) varlink exclude_graphdriver_devicemapper"'
 ;;
 fedora-28) ;& # Continue to the next item
-- cgit v1.2.3-54-g00ecf